Is Skype a Bad Network Neighbor?

Maybe the eBay/Skype personnel shuffle — Skype’s “nightmare before Christmas” as Om Malik called it — has to do with other people’s nightmares about what Skype might be doing to their networks.

While the controversy about Skype on academic networks has made the mainstream media in recent months, there’s also been a controversy brewing — mostly surfacing in the business press — about Skype use on business networks.

Back in 2005, Gartner Group was warning against Skype. And last May the industry analyst advised companies to “ditch” Skype because of its inherent security risks and the traffic that the peer-to-peer VoIP service puts through the network — even when no Skype calls are being made. Skype describes this as “symbiotic,” but corporate IT departments are more likely to use the word “parasitic.”

One major U.S. aerospace company is actively blocking the ports that carry Skype traffic and an employee of the company, who declined to be identified, says that other organizations are following suit. “Peer-to-peer is seen as a bad neighbor by corporate IT departments,” the employee says.

How risky is Skype? Consider this. Earlier this week, the Washington Post reported that the computer system at the Naval War College was brought down by what some believe to be Chinese hackers. And last summer the blogosphere was abuzz with reports that a Chinese company had cracked Skype’s proprietary protocol. The combination of the two could add up to a perfect storm — typhoon? — for corporate networks.

Last June, Bit9, a Cambridge, MA-based security firm, listed Skype as Number 3 in its list of the top security risks in corporate environments. What took first place in this software rogues gallery? Firefox 1.5, with Apple iTunes 6.02 and QuickTime 7.0.3 tied in second place.

– Skype shares bandwidth if a client becomes a supernode. But you can’t become a supernode unless you have a full peer internet connection. Which means no firewall and no NAT. Which means no corporate PCs, because they’ll all be behind a corporate firewall and NAT. So this whole story about Skype using corporate bandwidth without asking because of its P2P roots is pure FUD, isn’t it?

– That whole paragraph about Chinese hackers is idle speculation. Now that can be entertaining, but it’s not proof of anything.

– Then there’s Firefox being a top security risk. Um, compared with what?

Perhaps you should ask who paid for all those reports from Gartner, and Bit9 and similar Skype scare stories from around the world. It’s not exactly unknown for analysts to write a story that suits their primary customers.